Privacy Policy

Overview

DocuLens ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document intelligence platform.

Information We Collect

Account Information: Email address, full name, organization name, and password (hashed using bcrypt).

Document Content: Documents you upload to your workspace are processed and stored encrypted at rest. Documents are isolated per workspace and never shared across organizations.

Usage Data: Audit logs of actions taken in the platform (uploads, searches, rule executions) for security and compliance purposes.

Technical Data: IP address, browser type, device information collected through standard server logs.

How We Use Your Information

• Provide and maintain the DocuLens service
• Process documents through extraction and AI analysis pipelines
• Notify you of platform activity and product updates (with your consent)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and respond to lawful requests

Data Security

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for documents at rest
• Workspace-level data isolation enforced at the database layer
• Role-based access control (RBAC) with 30+ permission types
• Audit logging of all sensitive actions
• Regular security audits and penetration testing

AI Processing

Documents may be processed by third-party AI providers (OpenAI, Anthropic) for extraction, summarization, and Q&A. We do not allow these providers to use your data for training.

For customers requiring full data residency, we offer self-hosted deployments where no data leaves your infrastructure.

Your Rights

Under GDPR, CCPA, and similar regulations, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your data in machine-readable format
• Object to processing for marketing purposes

Most rights can be exercised directly from your account settings (Security tab) — including data export and account deletion. For other requests, contact privacy@doculens.io.

Data Retention

Account data is retained while your account is active. After deletion, data is permanently removed within 30 days, except where retention is required by law (e.g., financial records).

Cookies & Analytics

We use essential cookies for authentication and session management. These are required for the service to function.

Optional analytics cookies (PostHog) are loaded only when you click "Accept all" in our cookie banner. They collect anonymized usage data (pages visited, features used) so we can improve the product. We do not use cookies for advertising, retargeting, or selling data to third parties.

You can change your cookie preferences at any time by clearing your browser's site data for this domain — the consent banner will reappear.

Sub-processors

We use the following third-party processors to deliver the service. All have data processing agreements in place where personal data is involved:

We will give 30 days notice via email or product banner before adding or replacing any sub-processor that handles your personal data.

Marketing Communications & Lead Capture

When you submit your email through our free tools (Contract Analyzer, Policy Summarizer, ESG Disclosure Checker), we store it to send occasional product updates. The lawful basis is your consent at the point of submission.

You can unsubscribe at any time using the link in any marketing email, or by contacting privacy@doculens.io. We do not share your email with third parties for marketing purposes.

Contact Us

For privacy-related questions, contact our Data Protection Officer at privacy@doculens.io.